package controllers

import (
	"WebSvr/modules/common"
	"WebSvr/modules/mysql"

	"net/http"
	"strconv"
	"text/template"

	"github.com/astaxie/beego"
)

type WebUserCfgController struct {
	beego.Controller
}

// "/adminUser"
func (this *WebUserCfgController) GetAdminUser() {
	if !common.GStopFlag {
		ip := this.Ctx.Input.IP()
		webAdmin := mysql.GetWebAdmin()
		userName, accessInt := webAdmin.GetAccessByIp(ip)

		switch int32(accessInt) {
		case common.ACCESS_ADMIN:
			{
				this.Data["xsrf_token"] = this.XSRFToken()
				this.Data["adminName"] = userName
				RecordUserAction(userName, accessInt, ip, "获取adminUser页")
				this.TplName = "adminUser.html"
			}
		case common.ACCESS_SERVER:
			fallthrough
		case common.ACCESS_REPORT:
			fallthrough
		default:
			{
				RecordUserAction(userName, accessInt, ip, "获取adminUser页失败转404")
				this.TplName = "404.html"
			}
		}
	} else {
		this.CustomAbort(http.StatusBadRequest, "服务器关机中")
	}

}

// "/admingetUser"
func (this *WebUserCfgController) GetUserData() {
	if !common.GStopFlag {
		ip := this.Ctx.Input.IP()
		webAdmin := mysql.GetWebAdmin()
		userName, accessInt := webAdmin.GetAccessByIp(ip)
		switch int32(accessInt) {
		case common.ACCESS_ADMIN:
			{
				userSlice := webAdmin.GetAllUserCfg()
				RecordUserAction(userName, accessInt, ip, "admingetUser成功")
				this.Data["json"] = userSlice
				this.ServeJSON()
			}
		case common.ACCESS_SERVER:
			fallthrough
		case common.ACCESS_REPORT:
			fallthrough
		default:
			{
				RecordUserAction(userName, accessInt, ip, "admingetUser失败,权限不足")
				this.CustomAbort(http.StatusUnauthorized, "权限不足")
			}
		}
	} else {
		this.CustomAbort(http.StatusBadRequest, "服务器关机中")
	}
}

func (this *WebUserCfgController) escapeC2SString() common.S2WUserData {
	ipC2S := this.Input().Get("ip")
	nameC2S := this.Input().Get("name")
	passwdC2S := this.Input().Get("passwd")
	accessC2S := this.Input().Get("access")
	otherC2S := this.Input().Get("other")
	/*转换预防XSS*/
	ipEscape := template.JSEscapeString(ipC2S)
	nameEscape := template.JSEscapeString(nameC2S)
	passwdEscape := template.JSEscapeString(passwdC2S)
	accessEscape := template.JSEscapeString(accessC2S)
	otherEscape := template.JSEscapeString(otherC2S)
	var userData common.S2WUserData
	userData.Name = nameEscape
	userData.Ip = ipEscape
	userData.Passwd = passwdEscape
	userData.Access, _ = strconv.Atoi(accessEscape)
	userData.Other = otherEscape
	return userData
}

// "/c2sSaveUser"
func (this *WebUserCfgController) PostSaveUserCfg() {
	if !common.GStopFlag {
		ip := this.Ctx.Input.IP()
		webAdmin := mysql.GetWebAdmin()
		userName, accessInt := webAdmin.GetAccessByIp(ip)
		switch int32(accessInt) {
		case common.ACCESS_ADMIN:
			{
				escapeUserData := this.escapeC2SString()
				//保存到数据库
				bsave := webAdmin.SaveUserCfg2mySql(escapeUserData)
				if !bsave {
					RecordUserAction(userName, accessInt, ip, "c2sSaveUser 保存数据库失败")
					this.CustomAbort(http.StatusServiceUnavailable, "c2sSaveUser fail")
				} else {
					RecordUserAction(userName, accessInt, ip, "c2sSaveUser成功")
					this.CustomAbort(http.StatusOK, "c2sSaveUser ok")
				}
			}
		case common.ACCESS_SERVER:
			fallthrough
		case common.ACCESS_REPORT:
			fallthrough
		default:
			{
				RecordUserAction(userName, accessInt, ip, "c2sSaveUser失败,权限不足")
				this.CustomAbort(http.StatusUnauthorized, "c2sSaveUser失败,权限不足")
			}
		}
	} else {
		this.CustomAbort(http.StatusBadRequest, "服务器关机中")
	}
}

// "/c2sDelUser"
func (this *WebUserCfgController) PostDelUserCfg() {
	if !common.GStopFlag {
		ip := this.Ctx.Input.IP()
		webAdmin := mysql.GetWebAdmin()
		userName, accessInt := webAdmin.GetAccessByIp(ip)
		switch int32(accessInt) {
		case common.ACCESS_ADMIN:
			{
				escapeUserData := this.escapeC2SString()
				//保存到数据库
				bdel := webAdmin.DelUserCfg2mySql(escapeUserData)
				if !bdel {
					RecordUserAction(userName, accessInt, ip, "c2sDelUser 删除数据库失败")
					this.CustomAbort(http.StatusServiceUnavailable, "c2sDelUser fail")
				} else {
					RecordUserAction(userName, accessInt, ip, "c2sDelUser 删除数据库成功")
					this.CustomAbort(http.StatusOK, "c2sDelUser ok")
				}
			}
		case common.ACCESS_SERVER:
			fallthrough
		case common.ACCESS_REPORT:
			fallthrough
		default:
			{
				RecordUserAction(userName, accessInt, ip, "c2sDelUser失败,权限不足")
				this.CustomAbort(http.StatusUnauthorized, "权限不足")
			}
		}
	} else {
		this.CustomAbort(http.StatusBadRequest, "服务器关机中")
	}
}

func (this *WebUserCfgController) Finish() {
	requestbody := this.Ctx.Request.Body
	if requestbody != nil {
		defer requestbody.Close()
	}
}
